This is a place for me to ruminate about Privacy. Since I work as Google's Global Privacy Counsel, I need to point out that these ruminations are mine, not Google's. Please don't attribute them to Google.

Thursday, October 25, 2012

Microsoft's brilliant master class on how to change a privacy policy

Privacy professionals are often asked how to change or update a Privacy Policy. There are really just two basic choices: openly or quietly.

Naturally, I was professionally curious to see how Microsoft went about changing its privacy policy recently. It was particularly interesting, because Microsoft made changes that were very similar to those Google made to its own privacy policy in March. It's interesting when you have two large companies, making very similar changes to their privacy policies at the same time, but annoucing them in very different ways.

When Google announced its changes, Microsoft launched a worldwide PR campaign to discredit Google. So, it is striking that Microsoft quietly made similar changes to its privacy policies that it so loudly criticized Google for making. After Microsoft took out full-page newspaper ads to criticize Google for its changes, did Microsoft take out similar full-page ads to inform its users of the changes Microsoft was making? Nope. And "almost no one noticed" Microsoft's changes, as The New York Times reported.

If the goal was to make changes in their privacy rules that "almost no one noticed", Microsoft was brilliant.

I can guess what lessons will be drawn by most privacy professionals from this master class. When the time comes for privacy professionals to update their own privacy policies, they now have two models to compare. The open and transparent path led to worldword advocacy tirades and intense regulatory scrutiny. The other path, well, Microsoft brilliantly blazed a trail so that "almost no one noticed". Which path do you think privacy professionals will pick in the future? Which path do you think is good for privacy?